Today is National Ice Cream Cone Day, but that’s not the only scoop. This week SonicWall announced its revamped SecureFirst Partner Program to much acclaim. The changes are a culmination of actively listening to our partner community and implementing changes that put partners first, as reported on by eChannel News, MSSP Alert, Channel Futures and CRN. In other SonicWall news, CSO spoke with SonicWall Vice President of Strategic Partner Enablement and Integration Bobby Cornwell about his thoughts on the cyberattack at MGM.

In industry news, Dark Reading reported on CISA and the FBI’s alert on ‘Snatch’ ransomware-as-a-service (RaaS). Bleeping Computer had the lowdown on the breach at Pizza Hut Australia and the cyberattack on the International Criminal Court in the Netherlands. Hacker News provided details on a hacker named ‘Sandman’ using a strange Lua-based malware to breach telecom companies.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

The enhanced, reimagined partner program is propelled by SonicWall’s channel-first, outside-in approach

eChannel News, SonicWall News: SonicWall announced the introduction of its newly enhanced SecureFirst Partner Program to its existing and prospective North American customers, which is a culmination of actively listening to its partner community and implementing requested and recommended changes.

SonicWall Offers New Procurement Options to Partners

MSSP Alert, SonicWall News: SonicWall has enhanced its partner program to help its North American MSSP and MSP partners use its products to grow their businesses, according to the company.

SonicWall Listening to Channel As It Unveils Partner Program Changes

Channel Futures, SonicWall News: SonicWall has responded to partner demands with a list of changes to its SecureFirst Partner Program. The latest version of the SonicWall partner program is designed with MSP and MSSP business models in mind, said the vendor.

‘A New Dawn’: SonicWall Revamps Partner Program To Accelerate Growth, Activate MSPs

CRN, SonicWall News: SonicWall unveiled an overhauled channel program Tuesday that brings a major focus on enabling MSPs and MSSPs to work with the company, while introducing a range of improvements aimed at driving accelerated growth with all partners, according to SonicWall Global Channel Chief Michelle Ragusa-McBain.

Hackers behind MGM cyberattack thrash the casino’s incident response

CSO, SonicWall News: Experts like Bobby Cornwell, vice president of strategic partner enablement & integration at SonicWall, believe MGM’s move to shut down was indeed justified. “Out of an abundance of caution, MGM made the right call to lock down all the systems it did, even if it meant inconveniencing its guests as a result of their actions,” Cornwell said.

How to promote online student safety

Security Boulevard, SonicWall News: Worse yet, cybercriminals are upping the ante with a host of sophisticated new attack vectors. SonicWall identified over 270,000 never-before-seen malware variants in just the first half of 2022 — a 45% year-over-year increase. For perspective, that’s the equivalent of 1,500 new malware strains daily.

UK military data possibly compromised in LockBit attack against third party

SC Media, SonicWall News: “Such an attack shows the persistent risk of cyberattacks faced by governments amid threat geomigration,” according to SonicWall Vice President of EMEA Spencer Starkey. “These cyberattacks raise concerns about a country’s own national security, critical national infrastructure as well as the safety of sensitive information,” Starkey added.

Stealthier Means of Malicious Cyber-Attacks and What It Means for IT Departments

Nasdaq, SonicWall News: Bob VanKirk, CEO, SonicWall, joins Jill Malandrino on Nasdaq TradeTalks to discuss stealthier means of malicious cyber-attacks and what it means for IT departments.

SonicWall: ‘Complacency is the enemy in the cybersecurity game’

Unleash, SonicWall News: SonicWall’s VP of EMEA Spencer Starkey’s topline message to organizations is: “Don’t let the overall data fool you.” Yes, the first quarter of 2023 saw the lowest number of attacks since the fourth quarter of 2019 (51.2 million). However, the second quarter of this year saw the number of attacks rocket to 74% higher than Q1 at 88.9 million. Indeed, SonicWall predicts that ransomware attacks are “poised for a rebound” later this year.

Liongard Expands SonicWall Relationship to Enhance Configuration Change Detection and Response with Capture Client Platform to Mitigate Cybersecurity Risk

Business Wire, SonicWall News: “Extending Liongard’s relationship with SonicWall gives us the ability to inspect and assess across the SonicWall solution portfolio,” said Michelle Accardi, CEO of Liongard, “Our integrated solution will proactively monitor SonicWall Capture Client policy configurations, guarding against human errors and changes, both on and off network. With this comprehensive protection in place, our partners gain effective threat protection, increased visibility and protection, and centralized management.”

Industry News

CISA and FBI Sound the Alarm on Snatch Ransomware Service

This week, CISA and the FBI issued a joint advisory on a ransomware-as-a-service (RaaS) operation called “Snatch.” Snatch has been active since at least 2018, and the group’s RaaS software is known for forcing Windows computers to boot into safe mode and then encrypting files. The advisory issued by both agencies warns that the group is turning its eyes to critical infrastructure sectors such as IT, defense and agriculture. Snatch has been more active over the past year, which may explain the timing of this advisory. Snatch infiltrates organizations in a variety of different ways including using stolen credentials and targeting vulnerabilities in Remote Desktop Protocol (RDP). Once inside, the group uses a mixture of legitimate and malicious tools to exfiltrate sensitive data before encrypting the files. Cybersecurity experts noted that a majority of these attacks have been focused on organizations in North America. Any organizations in the listed critical sectors should be paying extra attention as Snatch continues its spree.

193,000 Customers Affected by Pizza Hut Australia Breach

Customers of Pizza Hut Australia are being notified this week of a cybersecurity incident that allowed threat actors to nab their personal information. Pizza Hut Australia’s servers that store customer’s sensitive data were accessed by hackers earlier this month. The notification stated that the breached data included customer record details and online order information. It includes full names, delivery addresses, delivery instructions, email addresses, phone numbers, masked credit card data and encrypted passwords. Despite the encryption of the passwords, Pizza Hut Australia did suggest customers consider changing their passwords. A threat actor named ‘ShinyHunters’ who breached Pizza Hut Australia in early September stated that they gained access to Pizza Hut Australia via an unprotected Amazon Web Services (AWS) endpoint. It’s unclear so far if the attack by ShinyHunter is the same attack Pizza Hut Australia is notifying customers of at this stage, but it does seem like a possibility. All Pizza Hut Australia customers should be watching their emails vigilantly for any suspicious communications.

European, African and South Asian Telecom Providers Targeted by ‘Sandman’ Hacker

Security researchers have linked a threat actor named “Sandman” to a series of cyberattacks targeting telecom providers in three continents. The hacker is utilizing a just-in-time (JIT) compiler called LuaJIT, which is used for coding in the programming language Lua, to deploy a novel implant called ‘LuaDream.’ While no known threat group has taken credit for the attacks, researchers implied this didn’t seem like a one-man show. The security researchers stated that the way LuaDream is executed indicates it’s a “well-executed, maintained and actively developed project of considerable scale.” According to Hacker News, seeing Lua used in the threat landscape isn’t very common. In fact, it’s only been observed three times since 2012. Researchers aren’t entirely certain how the threat actors are gaining initial access, but they do know it involves stealing administrative credentials and obtaining information to breach workstations and deliver the malware. Researchers should learn more as the threat actor(s) continue attacks throughout the three continents, but this does seem to be a strange tool.

International Criminal Court Suffers Cyberattack

The International Criminal Court (ICC) released a statement concerning a cyberattack that took place last week. The ICC noticed its systems had been breached and immediately took measures to address the incident. The ICC is hosted by the Netherlands, and Dutch authorities are now involved in the investigation. While the ICC didn’t release further information on the damage that had been done during the cyberattack, the organization did state that it will be making greater efforts to strengthen its cybersecurity. The ICC typically investigates and prosecutes the worst of the worst crimes affecting international communities, such as war crimes, genocide and more. This year, the ICC issued an arrest warrant for Russian President Vladimir Putin for war crimes in Ukraine. It’s unclear what the threat actors’ goals were for this attack, but the investigation should shed light on that.

SonicWall Blog

How the All-New SecureFirst Partner Program Puts Partners First – Michelle Ragusa-McBain

Why Firewall Throughput Numbers Don’t Tell the Whole Story – Tiju Cherian

Elevate Your Network with The Ultimate 3 & Free Promotion – Michelle Ragusa-McBain

Why Education is the New Cybercrime Epicenter – Amber Wolff

How SonicWall Offers High Availability at the Lowest Price – Tiju Cherian

Cryptojacking Continues Crushing Records – Amber Wolff

Why Should You Choose SonicWall’s NSsp Firewalls? – Tiju Cherian

Utilize APIs to Scale Your MySonicWall Operation – Chandan Kumar Singh

First-Half 2023 Threat Intelligence: Tracking Cybercriminals Into the Shadows – Amber Wolff

If It’s Easy, It’s TZ – Tiju Cherian

Sonic Boom: Getting to Know the New SonicWall – Michelle Ragusa-McBain

SonicWall’s Traci McCulley Orr Honored as a Talent100 Leader – Bret Fitzgerald

3 & Free Promotion: How to Upgrade to a Gen 7 NSsp Firewall for Free – Michelle Ragusa-McBain

Fall is fast approaching, and with the new season comes SonicWall’s season of sales – check out our promotion page to find deals on firewalls, endpoint protection and more. This week, SonicWall CEO Bob VanKirk went on Nasdaq TradeTalks to discuss how IT departments can fend off stealthier cyberattacks. Be sure to check out the Mid-Year Update to the 2023 Cyber Threat Report to see more of what to watch out for.

In industry news, Dark Reading detailed Microsoft’s discovery of a Russian misinformation campaign in Africa and a brand-new cloud attack vector that should have DevOps on notice. Bleeping Computer covered Okta’s warning of IT help desk attacks in the United States. Tech Crunch had the lowdown on Flipper Zero’s latest disruptive ability.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

Stealthier Means of Malicious Cyber-Attacks and What It Means for IT Departments

Nasdaq, SonicWall News: Bob VanKirk, CEO, SonicWall, joins Jill Malandrino on Nasdaq TradeTalks to discuss stealthier means of malicious cyber-attacks and what it means for IT departments.

SonicWall Promotes Michelle Ragusa-McBain To Global Channel Chief

CRN, SonicWall News: SonicWall has promoted Michelle Ragusa-McBain to head its sizable global partner organization, just months after hiring the channel veteran as its North America channel chief. Looking ahead, SonicWall is planning to roll out a “soft launch” of its revamped SecureFirst Partner Program in September, with a full global launch of the new program planned for February 2024, Ragusa-McBain told CRN.

SonicWall Promotes Cisco Vet to Global Channel Leader

Channel Futures, SonicWall News: SonicWall has promoted Michelle Ragusa-McBain to vice president and global channel leader. She joined SonicWall as vice president and North America channel leader in May. A key theme for SonicWall’s channel strategy is embracing an outside-in approach to crafting its strategy and executing with partners. What that means is we’re listening to our partners and customers more than ever before, rather than operating in a vacuum and telling you what you need.

Ransomware Attacks Skyrocket in Q2 2023

Infosecurity Magazine, SonicWall News: “Ransomware attacks surged by 74% in Q2 2023 compared to the first three months of the year, a new report has found.

The 2023 SonicWall Mid-Year Cyber Threat Report observed two “very unbalanced quarters” regarding the volume of ransomware attacks so far this year. SonicWall Capture Labs Threat Researchers recorded 51.2 million attacks in Q1 2023, representing the smallest number of attacks since Q4 2019.”

How Bitcoin Swings Helped Drive an Almost Nin-fold Surge in Cryptojacking attacks in Europe

DL News, SonicWall News: Cryptojacking attacks skyrocketed when Bitcoin prices fell, and could be the overture to something worse, according to SonicWall researchers. These attacks turn victims’ computers into unknowing crypto mining rigs. Bitcoin reached a $68,000 high in November 2021 before crashing down to as low as just above $16,000 in 2022. It currently hovers around $30,000.

Cryptojacking attacks surge 399% globally as threat actors diversify tactics

ITPro, SonicWall News: Security experts have issued a warning over a significant increase in cryptojacking attacks as threat actors seek to ‘diversify’ their tactics. The volume of cryptojacking attacks surged by 788% in Europe during the first half of the year, with attacks in North America also rising by 345%.

SonicWall: Ransomware Declines Further As Attackers ‘Pivot’ Their Tactics

CRN, SonicWall News: Ransomware continued to lose favor among malicious actors during the first half of 2023, but overall intrusions increased as some attackers switched focus to other types of threats, according to newly released SonicWall data. In the cybersecurity vendor’s report on the first six months of the year, ransomware attack volume dropped 41 percent from the same period a year earlier, the report released Wednesday shows.

Evolving Threats – Evolved Strategy

ITVoice, SonicWall News: The ever-evolving cybersecurity landscape is rapidly changing, and businesses must change with it. The massively expanding, distributed IT reality is creating an unprecedented explosion of exposure points for sophisticated cybercriminals and threat actors to exploit.

Britain’s Biggest Hospital Held To Ransom

Cyber Security Intelligence, SonicWall News: SonicWall expert Spencer Starkey said “The healthcare sector continues to be a prime target for malicious actors as evidenced by the recent attack on Barts Health NHS Trust. Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life.”

Hackers claim breach is the ‘biggest ever’ in NHS history

Silicon Republic, SonicWall News: Spencer Starkey, vice-president of EMEA at cybersecurity company SonicWall, said that the healthcare sector continues to be a “prime target” for hackers globally. “Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life,” said Starkey, referring to the Barts Health cyberattack. The ramifications of an attack on the healthcare sector can be disastrous and it’s important to place the utmost amount of time, money and efforts on securing it.

How to Reach Compliance with HIPAA

TrendMicro, SonicWall News: According to the 2022 SonicWall Cyber Threat Report, healthcare continued a large spike in malware in 2021, at 121%. While the largest jump in IoT malware attacks belonged to healthcare, which saw a 71% year-over-year increase. To shed light on the significance malware can carry, it’s important to look at how recent breaches could’ve been circumvented by abiding to the HIPAA rules and safeguards.

Industry News

Russia Begins Misinformation Campaign in Africa

An investigation by Microsoft has revealed Russia’s nefarious actions in some African countries. According to the investigation, Russia has launched fake media outlets that sympathize with Russia and express anti-French sentiments. According to Dark Reading, they’ve also created fake civil society organizations in less stable African nations. Russia is capitalizing on already-present instability in countries like Mali, Niger, Gabon, Burkina Faso and Guinea. Some of these countries have ongoing coups, and Russia’s operations in these countries have praised coup leaders and stoked anger at France. Apparently, some of these operations were being run by Russia’s notorious Wagner Group, so the group’s presence on the African continent is now up in the air following the death of its leader, Yevgeny Prigozhin. The misinformation campaign has taken part largely through social media and fake news outlets. It has been successful enough that French diplomats have been recalled from some nations due to rising tensions. This is all going on in the background of Russia’s war against Ukraine, so only time will tell how long they can continue these operations with pressure boiling at home.

Brand New Attack Vector Should Have DevOps on Watch

A first-of-its-kind cloud attack should have DevOps keeping their eyes peeled. Attackers have found a way to take full control over systems using MinIO, which is a distributed object storage system. MinIO is compatible with Amazon S3 cloud storage, which is used by many companies. Security researchers discovered the new attack vector when cybercriminals recently tricked a DevOps engineer into updating MinIO with the attackers’ own corrupt “update.” The update included a built-in command shell function that allowed the attackers to remotely execute code and take over the system. The GitHub repository for the fake update is literally named “Evil_MinIO,” which is quite on the nose, even for cybercriminals. The researchers warned that companies using MinIO should be on watch, DevOps in particular. Make sure any and all updates are coming directly from MinIO and not a third party.

Flipper Zero Can Spam Nearby iPhones Via Bluetooth

The list of troublesome attacks that the Flipper Zero hacking device can perform continues to grow. It’s already been responsible for car theft and more, but it can now also spam iPhone users from thousands of feet away. A security researcher demonstrated the attack, comparing it to a denial-of-service attack. Essentially, any person with a Flipper Zero device can tweak the firmware to send out Bluetooth Advertisements to nearby iPhones. The attack renders the device useless due to the constant flurry of popups. Tech Crunch tested the attack and was able to successfully interfere with an iPhone 8 and an iPhone 14 Pro. While most of these attacks would have a far more limited range, the researcher who sounded the alarm on the attack noted that an attacker could use a simple amplifying board to increase the device’s range to thousands of feet or more. That would allow an attacker in a busy area to attack potentially hundreds of iPhones at once. The researcher, who only goes by Anthony, stated that Apple could defend against the attacks by ensuring that the Bluetooth devices attempting to connect to iPhones are legitimate.

Okta Warns of Attacks on IT Service Desks

The identity and access management business Okta warned of attacks on IT help desks in the United States this week. The attackers have been attempting to gain access to Okta Super Administrator accounts which would give them full access to the organizations they’re infiltrating. Okta stated that the attackers typically already have passwords for the high-access accounts before beginning their attack. Once they’ve gained control, they elevate privileges for other accounts and remove multi-factor authentication (MFA) for some accounts as well. Okta recommends that users take multiple steps to prevent an attack on their organization including enforcing phishing-resistant authentication using Okta FastPass, requiring re-authentication for privileged app access and more. Organizations using Okta should carefully review the steps Okta has listed to provide optimal protection for their networks.

SonicWall Blog

Why Firewall Throughput Numbers Don’t Tell the Whole Story – Tiju Cherian

Elevate Your Network with The Ultimate 3 & Free Promotion – Michelle Ragusa-McBain

Why Education is the New Cybercrime Epicenter – Amber Wolff

How SonicWall Offers High Availability at the Lowest Price – Tiju Cherian

Cryptojacking Continues Crushing Records – Amber Wolff

Why Should You Choose SonicWall’s NSsp Firewalls? – Tiju Cherian

Utilize APIs to Scale Your MySonicWall Operation – Chandan Kumar Singh

First-Half 2023 Threat Intelligence: Tracking Cybercriminals Into the Shadows – Amber Wolff

If It’s Easy, It’s TZ – Tiju Cherian

Sonic Boom: Getting to Know the New SonicWall – Michelle Ragusa-McBain

SonicWall’s Traci McCulley Orr Honored as a Talent100 Leader – Bret Fitzgerald

3 & Free Promotion: How to Upgrade to a Gen 7 NSsp Firewall for Free – Michelle Ragusa-McBain

Monthly Firewall Services Option for Simplicity and Scalability – Sorosh Faqiri

We’re heading into the final week of August, and it’s been an exciting month here at SonicWall. If you haven’t already given it a read, be sure to check out our Mid-Year Update to the 2023 Cyber Threat Report.

In industry news, Dark Reading covered increasing ransomware numbers and a lawsuit that could have far-reaching implications for software makers. Bleeping Computer had the lowdown on North Korea’s Lazarus gang preparing to offload over $40 million in crypto assets. Tech Crunch provided new details on the data breach at Tesla.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

SonicWall Promotes Michelle Ragusa-McBain To Global Channel Chief

CRN, SonicWall News: SonicWall has promoted Michelle Ragusa-McBain to head its sizable global partner organization, just months after hiring the channel veteran as its North America channel chief. Looking ahead, SonicWall is planning to roll out a “soft launch” of its revamped SecureFirst Partner Program in September, with a full global launch of the new program planned for February 2024, Ragusa-McBain told CRN.

SonicWall Promotes Cisco Vet to Global Channel Leader

Channel Futures, SonicWall News: SonicWall has promoted Michelle Ragusa-McBain to vice president and global channel leader. She joined SonicWall as vice president and North America channel leader in May. A key theme for SonicWall’s channel strategy is embracing an outside-in approach to crafting its strategy and executing with partners. What that means is we’re listening to our partners and customers more than ever before, rather than operating in a vacuum and telling you what you need.

Ransomware Attacks Skyrocket in Q2 2023

Infosecurity Magazine, SonicWall News: “Ransomware attacks surged by 74% in Q2 2023 compared to the first three months of the year, a new report has found.

The 2023 SonicWall Mid-Year Cyber Threat Report observed two “very unbalanced quarters” regarding the volume of ransomware attacks so far this year. SonicWall Capture Labs Threat Researchers recorded 51.2 million attacks in Q1 2023, representing the smallest number of attacks since Q4 2019.”

How Bitcoin Swings Helped Drive an Almost Nin-fold Surge in Cryptojacking attacks in Europe

DL News, SonicWall News: Cryptojacking attacks skyrocketed when Bitcoin prices fell, and could be the overture to something worse, according to SonicWall researchers. These attacks turn victims’ computers into unknowing crypto mining rigs. Bitcoin reached a $68,000 high in November 2021 before crashing down to as low as just above $16,000 in 2022. It currently hovers around $30,000.

Cryptojacking attacks surge 399% globally as threat actors diversify tactics

ITPro, SonicWall News: Security experts have issued a warning over a significant increase in cryptojacking attacks as threat actors seek to ‘diversify’ their tactics. The volume of cryptojacking attacks surged by 788% in Europe during the first half of the year, with attacks in North America also rising by 345%.

SonicWall: Ransomware Declines Further As Attackers ‘Pivot’ Their Tactics

CRN, SonicWall News: Ransomware continued to lose favor among malicious actors during the first half of 2023, but overall intrusions increased as some attackers switched focus to other types of threats, according to newly released SonicWall data. In the cybersecurity vendor’s report on the first six months of the year, ransomware attack volume dropped 41 percent from the same period a year earlier, the report released Wednesday shows.

Evolving Threats – Evolved Strategy

ITVoice, SonicWall News: The ever-evolving cybersecurity landscape is rapidly changing, and businesses must change with it. The massively expanding, distributed IT reality is creating an unprecedented explosion of exposure points for sophisticated cybercriminals and threat actors to exploit.

Britain’s Biggest Hospital Held To Ransom

Cyber Security Intelligence, SonicWall News: SonicWall expert Spencer Starkey said “The healthcare sector continues to be a prime target for malicious actors as evidenced by the recent attack on Barts Health NHS Trust. Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life.”

Hackers claim breach is the ‘biggest ever’ in NHS history

Silicon Republic, SonicWall News: Spencer Starkey, vice-president of EMEA at cybersecurity company SonicWall, said that the healthcare sector continues to be a “prime target” for hackers globally. “Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life,” said Starkey, referring to the Barts Health cyberattack. The ramifications of an attack on the healthcare sector can be disastrous and it’s important to place the utmost amount of time, money and efforts on securing it.

How to Reach Compliance with HIPAA

TrendMicro, SonicWall News: According to the 2022 SonicWall Cyber Threat Report, healthcare continued a large spike in malware in 2021, at 121%. While the largest jump in IoT malware attacks belonged to healthcare, which saw a 71% year-over-year increase. To shed light on the significance malware can carry, it’s important to look at how recent breaches could’ve been circumvented by abiding to the HIPAA rules and safeguards.

Why Attackers Love to Target IoT Devices

VentureBeat, SonicWall News: Malicious objects were blocked on more than 40% of OT systems. SonicWall Capture Labs threat researchers recorded 112.3 million instances of IoT malware in 2022, an 87% increase over 2021.

Industry News

Ransomware on the Rise

A security consulting group sounded the alarm about a ransomware resurgence happening right now. In July, the group found that data from 502 breaches was posted to various leak sites. That’s a 150% increase from July 2022. Many factors have led to this increase, but the group noted that it has a lot to do with the rise of more easily exploited vulnerabilities like we’ve seen with the breach of MOVEit’s file transfer tool. On top of that, the average time a ransomware group waits to strike once they infiltrate a company has shrunk by nearly 50% since 2022 from nine days down to five. The group found that a majority of these new attacks are targeting the industrial sector, which is a sector that has as a whole been spending less on cybersecurity over the past few years. Much of the increase can be attributed to the Cl0p ransomware gang, which has been responsible for three times the amount of data leaks as the second most successful group, Lockbit 3.0. Our recently released Mid-Year Update to the 2023 Cyber Threat Report indicated a ransomware rebound may be in the works, and this data seems to support that. Only time will tell if the trend continues into the remainder of the year.

Lawsuit Calls for More Accountability for Software Makers Amid MOVEit Breaches

Progress Software, the makers of the MOVEit file transfer tool, are the subject of a class-action lawsuit following the massive MOVEit breaches that began earlier this year. The lawsuit claims Progress Software breached its contracts and was negligent. The attacks have affected small organizations and billion-dollar organizations like Shell and British Airways alike. The lawsuit alleges Progress didn’t “properly secure and safeguard personally identifiable information” and has exposed plaintiffs to an ongoing risk of identity theft, not to mention financial costs and losses of time and productivity. If the lawsuit goes in favor of the plaintiffs, it could set a precedent to hold software developers accountable for the security of their applications in the event of major supply-chain breaches such as this. A spokesperson from MOVEit relayed that Progress will not comment on the pending litigation.

Tesla Data Breach Revealed to be Inside Job

Tesla has released a statement saying two former employees are responsible for a data breach that affected over 75,000 Tesla employees. Tesla’s data privacy officer, Steven Elentukh, said that the former employees violated Tesla’s IT security and data protection policies by sharing the data. The data contains loads of information on the 75,000 employees including names, addresses, phone numbers, Social Security numbers and employment records. The two employees in question handed the data over to a German newspaper, but the newspaper assured Tesla that it would not publish the data or misuse it. The information was 100 gigabytes in total and included customer bank details, production secrets and customer complaints alongside the employee data. The German newspaper said Tesla owner Elon Musk’s Social Security number was also included in the leak. Tesla has filed lawsuits against the former employees, and their electronic devices have been seized.

Lazarus Gang Preparing to Offload $41 Million in Stolen Crypto

The FBI has been tracking the movement of bitcoin stolen by the North Korean Lazarus gang and has narrowed it down to six cryptocurrency wallets. In total, it appears the group has moved 1,580 bitcoins to the six wallets. A recent report found that North Korean state hacker groups have been responsible for the theft of more than $2 billion in crypto over the past five years. More recently, the notorious Lazarus gang has been linked to a breach on Axie Infinity that holds the crown for the largest crypto heist of all time which saw the hackers make off with a whopping $620 million worth of Ethereum. On Tuesday, the FBI released a statement saying, “The FBI will continue to expose and combat the DPRK’s use of illicit activities—including cybercrime and virtual currency theft—to generate revenue for the regime.” They also urged anyone with information on the state-backed hacking groups to contact their local FBI field office with information.

SonicWall Blog

Why Education is the New Cybercrime Epicenter – Amber Wolff

How SonicWall Offers High Availability at the Lowest Price – Tiju Cherian

Cryptojacking Continues Crushing Records – Amber Wolff

Why Should You Choose SonicWall’s NSsp Firewalls? – Tiju Cherian

Utilize APIs to Scale Your MySonicWall Operation – Chandan Kumar Singh

First-Half 2023 Threat Intelligence: Tracking Cybercriminals Into the Shadows – Amber Wolff

If It’s Easy, It’s TZ – Tiju Cherian

Sonic Boom: Getting to Know the New SonicWall – Michelle Ragusa-McBain

SonicWall’s Traci McCulley Orr Honored as a Talent100 Leader – Bret Fitzgerald

3 & Free Promotion: How to Upgrade to a Gen 7 NSsp Firewall for Free – Michelle Ragusa-McBain

Monthly Firewall Services Option for Simplicity and Scalability – Sorosh Faqiri

Monitoring and Controlling Internet Usage with Productivity Reports – Ashutosh Maheshwari

SonicWall NSM 2.3.5 Brings Enhanced Alerting Capabilities – Suriti Singh

It’s the middle of August, and SonicWall is having another excellent month. Be sure to check out the Mid-Year 2023 Cyber Threat Report for the latest must-know data and trends in the cybersecurity space.

In industry news, Dark Reading covered the recent rise in ransomware’s victim count. Data Breach Today provided details on a dangerous data leak with the police in Northern Ireland. Bleeping Computer had the lowdown on Missouri’s Medicaid data breach. Hacker News reported on a massive exposure of U.K. voter data.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

SonicWall Promotes Michelle Ragusa-McBain To Global Channel Chief

CRN, SonicWall News: SonicWall has promoted Michelle Ragusa-McBain to head its sizable global partner organization, just months after hiring the channel veteran as its North America channel chief. Looking ahead, SonicWall is planning to roll out a “soft launch” of its revamped SecureFirst Partner Program in September, with a full global launch of the new program planned for February 2024, Ragusa-McBain told CRN.

SonicWall Promotes Cisco Vet to Global Channel Leader

Channel Futures, SonicWall News: SonicWall has promoted Michelle Ragusa-McBain to vice president and global channel leader. She joined SonicWall as vice president and North America channel leader in May. A key theme for SonicWall’s channel strategy is embracing an outside-in approach to crafting its strategy and executing with partners. What that means is we’re listening to our partners and customers more than ever before, rather than operating in a vacuum and telling you what you need.

Ransomware Attacks Skyrocket in Q2 2023

Infosecurity Magazine, SonicWall News: “Ransomware attacks surged by 74% in Q2 2023 compared to the first three months of the year, a new report has found.

The 2023 SonicWall Mid-Year Cyber Threat Report observed two “very unbalanced quarters” regarding the volume of ransomware attacks so far this year. SonicWall Capture Labs Threat Researchers recorded 51.2 million attacks in Q1 2023, representing the smallest number of attacks since Q4 2019.”

How Bitcoin Swings Helped Drive an Almost Nin-fold Surge in Cryptojacking attacks in Europe

DL News, SonicWall News: Cryptojacking attacks skyrocketed when Bitcoin prices fell, and could be the overture to something worse, according to SonicWall researchers. These attacks turn victims’ computers into unknowing crypto mining rigs. Bitcoin reached a $68,000 high in November 2021 before crashing down to as low as just above $16,000 in 2022. It currently hovers around $30,000.

Cryptojacking attacks surge 399% globally as threat actors diversify tactics

ITPro, SonicWall News: Security experts have issued a warning over a significant increase in cryptojacking attacks as threat actors seek to ‘diversify’ their tactics. The volume of cryptojacking attacks surged by 788% in Europe during the first half of the year, with attacks in North America also rising by 345%.

SonicWall: Ransomware Declines Further As Attackers ‘Pivot’ Their Tactics

CRN, SonicWall News: Ransomware continued to lose favor among malicious actors during the first half of 2023, but overall intrusions increased as some attackers switched focus to other types of threats, according to newly released SonicWall data. In the cybersecurity vendor’s report on the first six months of the year, ransomware attack volume dropped 41 percent from the same period a year earlier, the report released Wednesday shows.

Evolving Threats – Evolved Strategy

ITVoice, SonicWall News: The ever-evolving cybersecurity landscape is rapidly changing, and businesses must change with it. The massively expanding, distributed IT reality is creating an unprecedented explosion of exposure points for sophisticated cybercriminals and threat actors to exploit.

Britain’s Biggest Hospital Held To Ransom

Cyber Security Intelligence, SonicWall News: SonicWall expert Spencer Starkey said “The healthcare sector continues to be a prime target for malicious actors as evidenced by the recent attack on Barts Health NHS Trust. Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life.”

Hackers claim breach is the ‘biggest ever’ in NHS history

Silicon Republic, SonicWall News: Spencer Starkey, vice-president of EMEA at cybersecurity company SonicWall, said that the healthcare sector continues to be a “prime target” for hackers globally. “Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life,” said Starkey, referring to the Barts Health cyberattack. The ramifications of an attack on the healthcare sector can be disastrous and it’s important to place the utmost amount of time, money and efforts on securing it.

How to Reach Compliance with HIPAA

TrendMicro, SonicWall News: According to the 2022 SonicWall Cyber Threat Report, healthcare continued a large spike in malware in 2021, at 121%. While the largest jump in IoT malware attacks belonged to healthcare, which saw a 71% year-over-year increase. To shed light on the significance malware can carry, it’s important to look at how recent breaches could’ve been circumvented by abiding to the HIPAA rules and safeguards.

Why Attackers Love to Target IoT Devices

VentureBeat, SonicWall News: Malicious objects were blocked on more than 40% of OT systems. SonicWall Capture Labs threat researchers recorded 112.3 million instances of IoT malware in 2022, an 87% increase over 2021.

Industry News

Zero-day Exploits Cause Rise in Ransomware Victims

Between the first quarter of 2022 and the first quarter of 2023, ransomware’s victim count rose by 143%. As noted in the Mid-Year 2023 Cyber Threat Report, ransomware attacks as a whole are down. So why might the number of victims be up? The answer: zero-day exploits. Ransomware attackers are increasingly choosing to exploit zero-day vulnerabilities when choosing their next targets. The researchers found that threat actors are moving away from classic attack methods like phishing and moving straight to finding zero-day exploits, either on the gray market or through in-house development. The Cl0p ransomware gang may be the most notorious example of this. This year alone they’ve used zero-day exploits to break into multiple large companies with exploits on Fortra’s GoAnywhere software and MOVEit’s file transfer tool. Researchers also found that ransomware groups are moving away from encrypting the victim’s data and moving more toward exfiltrating the data. Gone are the days when a hacked company could find a way to unencrypt its data leaving the attackers in the dust – with the switch to exfiltration, victims can now either pay up or risk having their data sold on the Dark Web. These are concerning trends to see especially when many expect ransomware attack numbers to rebound in the second half of 2023. Robust cybersecurity measures and good cyber hygiene practices are the best ways for organizations to protect themselves from attacks.

Serious Data Mishap Puts Police in Northern Ireland in Danger

The Police Service of Northern Ireland (PSNI) accidentally uploaded a spreadsheet containing the first initials, surnames and locations of all officers and staff on its website earlier this week. The PSNI blamed ‘human error’ for the mistake. The spreadsheet was live on the PSNI website for at least three hours on Tuesday afternoon. Fortunately, the spreadsheet did not include home addresses. PSNI had created the spreadsheet to comply with a freedom of information request, but it’s unclear how it ended up on the website for the public’s view although an investigation is underway. This situation has even higher stakes with the historical context of policing in Northern Ireland. Many of the officers and employees actually hide their employment – some even go so far as to hide it from their families. That means that although it didn’t include home addresses, even the names of employees can have serious consequences. In March, the British government sounded the alarm on terrorism in Northern Ireland following an assassination attempt on a police officer. The head of a cybersecurity firm in Dublin called this leak “the most serious breach” he has ever seen. The information exposed in this spreadsheet could be used not just by petty criminals, but by republican paramilitaries to commit acts of terror against officers. The breach could result in numerous members of the PSNI needing to relocate their homes and families.

Missouri Medicaid Data Exposed in IBM MOVEit Breach

Following the Cl0p ransomware gangs MOVEit file transfer tool attacks, Missouri’s Department of Social Services (DSS) has announced that sensitive healthcare information from Missouri’s Medicaid program was exposed. The attack didn’t actually take place on Missouri’s DSS – it was against IBM, which provides data services to the DSS. IBM stated that they’ve been working with the DSS to minimize the damage from this incident. According to the DSS, the exposed information potentially includes names, department client numbers, dates of birth, benefit eligibility and medical claims information. According to Bleeping Computer, only two Social Security Numbers were included in the breach. The Missouri DSS recommended that all involved individuals freeze their credit to prevent fraud.

Voter Data of Over 40 million Exposed in UK Electoral Commission Breach

Voters in the United Kingdom should be wary as the U.K.’s Electoral Commission has announced that they’ve suffered a “complex” cyberattack. The commission identified the incident in October 2022 but noted that the attackers had access to the system since August 2021. With over a year of free reign inside the Commission’s systems, the threat actors had access to the voter data of 40 million people. The only excluded parties are those who registered anonymously or electors registered outside of the U.K. According to Hacker News, the data included names, email addresses, home addresses, phone numbers, personal images and more. As of now, the identity of the attackers is unknown. It’s also unclear why the Commission waited 10 months to disclose this attack. The Commission’s email server was also exposed which puts anyone who was in contact with the Commission through email at risk. A security watchdog recommended that anyone who has been in contact with the Commission and anyone who registered to vote between 2014 and 2022 should keep a careful eye out for unauthorized use of their personal information.

SonicWall Blog

Why Should You Choose SonicWall’s NSsp Firewalls? – Tiju Cherian

Utilize APIs to Scale Your MySonicWall Operation – Chandan Kumar Singh

First-Half 2023 Threat Intelligence: Tracking Cybercriminals Into the Shadows – Amber Wolff

If It’s Easy, It’s TZ – Tiju Cherian

Sonic Boom: Getting to Know the New SonicWall – Michelle Ragusa-McBain

SonicWall’s Traci McCulley Orr Honored as a Talent100 Leader – Bret Fitzgerald

3 & Free Promotion: How to Upgrade to a Gen 7 NSsp Firewall for Free – Michelle Ragusa-McBain

Monthly Firewall Services Option for Simplicity and Scalability – Sorosh Faqiri

Monitoring and Controlling Internet Usage with Productivity Reports – Ashutosh Maheshwari

SonicWall NSM 2.3.5 Brings Enhanced Alerting Capabilities – Suriti Singh

Is Red/Blue Teaming Right for Your Network? – Stephan Kaiser

NSv Series and Microsoft Azure’s Government Cloud: Strengthening Cloud Security – Tiju Cherian

Four SonicWall Employees Featured on CRN’s 2023 Women of the Channel List – Bret Fitzgerald

NSv Series and AWS GovCloud: Facilitating Government’s Move to the Cloud – Tiju Cherian

This week, SonicWall is celebrating the release of the mid-year update to the 2023 Cyber Threat Report. Infosecurity Magazine, CRN, DL News and ITPro have already pored through the report – be sure to give it a read for the latest threat intelligence and fresh insights into the current threat landscape.

In industry news, Dark Reading reported on new data showing that the cost of a data breach has increased and also detailed the Biden administration’s nomination for National Cyber Director. Bleeping Computer broke down a massive crypto heist pulled off by North Korea’s Lazarus group. TechCrunch provided details on a worm malware spreading through Call of Duty lobbies.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

Ransomware Attacks Skyrocket in Q2 2023

Infosecurity Magazine, SonicWall News: “Ransomware attacks surged by 74% in Q2 2023 compared to the first three months of the year, a new report has found.

The 2023 SonicWall Mid-Year Cyber Threat Report observed two “very unbalanced quarters” regarding the volume of ransomware attacks so far this year. SonicWall Capture Labs Threat Researchers recorded 51.2 million attacks in Q1 2023, representing the smallest number of attacks since Q4 2019.”

How Bitcoin Swings Helped Drive an Almost Nin-fold Surge in Cryptojacking attacks in Europe

DL News, SonicWall News: Cryptojacking attacks skyrocketed when Bitcoin prices fell, and could be the overture to something worse, according to SonicWall researchers. These attacks turn victims’ computers into unknowing crypto mining rigs. Bitcoin reached a $68,000 high in November 2021 before crashing down to as low as just above $16,000 in 2022. It currently hovers around $30,000.

Cryptojacking attacks surge 399% globally as threat actors diversify tactics

ITPro, SonicWall News: Security experts have issued a warning over a significant increase in cryptojacking attacks as threat actors seek to ‘diversify’ their tactics. The volume of cryptojacking attacks surged by 788% in Europe during the first half of the year, with attacks in North America also rising by 345%.

SonicWall: Ransomware Declines Further As Attackers ‘Pivot’ Their Tactics

CRN, SonicWall News: Ransomware continued to lose favor among malicious actors during the first half of 2023, but overall intrusions increased as some attackers switched focus to other types of threats, according to newly released SonicWall data. In the cybersecurity vendor’s report on the first six months of the year, ransomware attack volume dropped 41 percent from the same period a year earlier, the report released Wednesday shows.

Evolving Threats – Evolved Strategy

ITVoice, SonicWall News: The ever-evolving cybersecurity landscape is rapidly changing, and businesses must change with it. The massively expanding, distributed IT reality is creating an unprecedented explosion of exposure points for sophisticated cybercriminals and threat actors to exploit.

Britain’s Biggest Hospital Held To Ransom

Cyber Security Intelligence, SonicWall News: SonicWall expert Spencer Starkey said “The healthcare sector continues to be a prime target for malicious actors as evidenced by the recent attack on Barts Health NHS Trust. Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life.”

Hackers claim breach is the ‘biggest ever’ in NHS history

Silicon Republic, SonicWall News: Spencer Starkey, vice-president of EMEA at cybersecurity company SonicWall, said that the healthcare sector continues to be a “prime target” for hackers globally. “Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life,” said Starkey, referring to the Barts Health cyberattack. The ramifications of an attack on the healthcare sector can be disastrous and it’s important to place the utmost amount of time, money and efforts on securing it.

How to Reach Compliance with HIPAA

TrendMicro, SonicWall News: According to the 2022 SonicWall Cyber Threat Report, healthcare continued a large spike in malware in 2021, at 121%. While the largest jump in IoT malware attacks belonged to healthcare, which saw a 71% year-over-year increase. To shed light on the significance malware can carry, it’s important to look at how recent breaches could’ve been circumvented by abiding to the HIPAA rules and safeguards.

Why Attackers Love to Target IoT Devices

VentureBeat, SonicWall News: Malicious objects were blocked on more than 40% of OT systems. SonicWall Capture Labs threat researchers recorded 112.3 million instances of IoT malware in 2022, an 87% increase over 2021.

Changes in the Ransomware Threat to State and Local Governments

StateTech, SonicWall News: According to SonicWall’s 2023 Cyber Threat Report, ransomware has “been on a tear” for the past few years, growing 105 percent year over year in 2021. While the report found that attacks were down in 2022, ransomware targets still reported very large number of attacks compared to levels in 2018, 2019 and 2020.

Clop’s MOVEit ransom deadline expires

ComputerWeekly, SonicWall News: At the time of writing, no data had yet been published, and SonicWall EMEA vice-president Spencer Starkey urged victims to hold the line in the face of the gang’s threats and grandstanding.

As the clock ticks closer, businesses impacted by the MOVEit hack may be tempted to pay off the hackers and move on. While this appears as the fastest way to resolve this, in fact, it actually feeds the monster, encouraging more attacks, said Starkey. On the other hand, not paying might lead to potential data loss and the cost of restoring systems, but it also helps starve these criminal operations and may discourage future attacks. At this stage, the key is customer and employee communication. The companies impacted must always strive to keep those channels flowing both ways, to reassure those who may be affected that they are doing everything possible to recover from and resolve the incident.

Industry News

President Biden Nominates Former NSA Executive Director as National Cyber Director

After months of waiting, President Biden has announced his nomination to fill the position of National Cyber Director in former NSA executive director Harry Coker. The position has been vacant since Chris Inglis stepped down in February. With the recently released national cybersecurity strategy, the new director will have plenty to do once his nomination is confirmed. Coker is a veteran of the United States Navy and has also held positions in the Central Intelligence Agency previous to his time with the NSA. He was also a member of President Biden’s national security staff when Biden took office in 2021. This nomination comes barely two weeks after a group of cybersecurity organizations sent a strongly worded letter to the White House asking them to speedily nominate someone – a rare victory for all strongly-worded-letter enthusiasts. The nomination will now move through Congress for Coker to be confirmed.

North Korean Lazarus Hackers Connected to $60 million Crypto Theft

The notorious Lazarus gang from North Korea has been linked to a recent $60 million theft on the payment processing company Alphapo. The crypto payment platform is frequently used for things like gambling, e-commerce and other online purchases. Alphapo was attacked this past Sunday and the hacker gang drained people’s wallets of millions of dollars in cryptocurrency. A cryptochain investigator who goes by “ZackXBT” noticed that the attackers also stole $37 million of TRON and Bitcoin which brought the total to a whopping $60 million. The Lazarus group has not publicly claimed the attack, but researchers noted that Lazarus tends to leave a very distinct fingerprint during attacks. According to Bleeping Computer, Lazarus has previously been linked to similar attacks such as a $35 million theft on Atomic Wallet, a $100 million attack on Harmony Horizon and a $617 million heist on Axie Infinity. They noted that a common tactic of Lazarus is to bait crypto firm employees with fake job offers that actually lead to infected links. Lazarus gains access to the company networks and then begins planning its thefts. Law enforcement agencies and blockchain analysis firms have not yet confirmed the groups participation in this attack.

The Cost of a Data Breach Has Increased by 15%

According to a new report by IBM, the cost of a data breach has increased by 15% over the past three years skyrocketing to $4.45 million per breach for affected businesses. Despite this, 57% of businesses still seem inclined to simply pass the buck to consumers rather than invest in sturdier cybersecurity. Many consumers are facing the double whammy of businesses not caring enough to protect their data and then being charged more when these loosely secured organizations lose their information. IBM did find several ways organizations could better protect their data including investing more in security and being willing to involve law enforcement. The report stated that 37% of breached organizations refused to involve the authorities. It seems that these businesses want to attain consumer data without taking measures to ensure its security. Cybersecurity is incredibly accessible for businesses today with numerous free and paid tools to provide better protection. Breaches are still possible even with good security, but refusing to invest more in security after experiencing a costly incident like a data breach is simply bad business.

Malware Spreading Through Call of Duty Game Lobbies

Hackers have been wreaking havoc on players in an old Call of Duty game. Last month, a Steam user made a post alerting other players of Call of Duty: Modern Warfare 2 (2009) that threat actors were using “hacked lobbies” to spread malware. Another user analyzed the malware and noted that it appeared to be a worm. Activision, the developers of Call of Duty, posted a tweet vaguely acknowledging the malware letting players know that the servers will be going offline presumably for action to be taken. It’s unclear so far why the hackers are spreading malware through the game lobbies, but it’s clear that they’re exploiting one or more bugs in the game itself to accomplish this. The worm works by spreading from one infected player in a lobby to other players who don’t have adequate protection on their computers. Anybody who has been playing the game over the past few months should run an anti-virus software on their computer to see if they’ve been infected. Viruses spreading through games is not uncommon, but they typically spread through trojanized versions of the game installers. Malware spreading through actual game lobbies is not very common.

SonicWall Blog

First-Half 2023 Threat Intelligence: Tracking Cybercriminals Into the Shadows – Amber Wolff

If It’s Easy, It’s TZ – Tiju Cherian

Sonic Boom: Getting to Know the New SonicWall – Michelle Ragusa-McBain

SonicWall’s Traci McCulley Orr Honored as a Talent100 Leader – Bret Fitzgerald

3 & Free Promotion: How to Upgrade to a Gen 7 NSsp Firewall for Free – Michelle Ragusa-McBain

Monthly Firewall Services Option for Simplicity and Scalability – Sorosh Faqiri

Monitoring and Controlling Internet Usage with Productivity Reports – Ashutosh Maheshwari

SonicWall NSM 2.3.5 Brings Enhanced Alerting Capabilities – Suriti Singh

Is Red/Blue Teaming Right for Your Network? – Stephan Kaiser

NSv Series and Microsoft Azure’s Government Cloud: Strengthening Cloud Security – Tiju Cherian

Four SonicWall Employees Featured on CRN’s 2023 Women of the Channel List – Bret Fitzgerald

NSv Series and AWS GovCloud: Facilitating Government’s Move to the Cloud – Tiju Cherian